Use these pages as reference documentation when implementing the password credentials grant flow in your application. Adapted from The OAuth 2.0 Authorization Framework specification [RFC 6749].

An overview of the resource owner password credentials grant

Figure 5 from RFC 6749

The steps are as follows:

• A: The user provides the client application with their username and password.
• B: The client requests an access token from the service provider's token endpoint using the credentials received from the user. During this step, the client application authenticates with the service provider as well.
• C: The service provider authenticates the ...